The vulnerability involves two components of the firewall that handle e-mails, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. The company has released a patch, which it describes as "mandatory".
Affected products are Gauntlet for Unix versions 5.x and higher, PGP e-ppliance 300 series version 1.0 and higher, PGP e-ppliance 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series and McAfee WebShield for Solaris v4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.
The flaw was discovered by Garrison Technologies.
Patches for Gauntlet and the e-ppliance series can be found at: ftp://ftp.nai.com/pub/security/ and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp/
Patches for the McAfee products are available at: www.mcfeeb2b.com.